Every single f@#$ing thing Facebook has ever done since they were created in 2004 to bag on @#$%es who wouldn't sleep with sociopath Zuck has been a complete privacy disaster. They pioneered data theft and dark UI for the entire internet as it exists today. You wouldn't have Tiktok as it exists without Facebook blazing the way down to hell. The entire purpose of anything they make is to stab their slobbering proboscis deep into your deepest parts and suck them dry for his evil empire.

Which I know isn't new info for most /. users, but... needs repeating because there are so many people who don't get this. I meet them every week.

And yes, it's good to have the continuing rapine revealed like this. Not that it'll change anything, but it's good to have the specifics documented.

The fact that there are so many memory leak and bounds overflow vulnerabilities with C++ programs that are actually out there is something you just can't sweep away.

Sure, YOU are the perfect C++ programmer and YOU would never write a memory leak or bounds overflow, but you are obviously in the tiny minority (and you're not as good as you think about this, neither am I). And memory leaks are not even worst thing, they usually don't (though they can) lead to immediate predictable exploit, like, oh - the opposite of a memory leak, accessing something that's already deleted. Or stack overflow. So many others.

Imagine if we could harness with turbines the full power of all the C++ programmers who are deathly afraid of having to learn any other language (because C++ is so arcane and convoluted it takes years to fully learn, they think other languages are the same) and spend all their time posting about how safe C++ Ackshually is, we might be able to power one AI datacenter. And I say this as someone who's been programming C++ for 30 years, but learned other languages as they came along because I know its problems. Python, C#, Rust, Lisp, bash, they all have their place. So does C/C++ - I still use it for embedded firmware, and would use it for writing a game engine, but right tool for the right job.

Sorry to reply to my own comment, but I want to say that Indians (Desi) are not stupid and incompetent - educated and working outside India they can be f#$ing brilliant. One of the smartest mathematicians in the world, ever, was Indian (Srinivasa Ramanujan)! It just seems to be a cultural thing for people working in modern India to prioritize grift and nepotism over competence (like the US right now), where all the bosses hire their completely incompetent nephews and otherwise completely drag everything down into the shit, as they do at Google or Intel. This is why Google search is complete shit now, for example.

I have dealt with multiple Indian outsourcing initiatives in my career - none of them my choice, all of them by stupid f#$ing management stupidly thinking they could save some money, all of them a disaster.

Of course they claim 1/3 the cost, but if you actually want it to work, it balloons to 2x the cost of actually hiring local engineers who know what they're doing to do it right. I have sat in multiple meetings at multiple companies where the Indian outsourcers told us the reason their code did not work for us is that we had a firewall, and we had to remove the entire f!@#ing company firewall or their software would not work. And oh, they need $50K more to make it work even without the firewall. (spoiler, it would not work even without the firewall, because I, out of hatred, tried it on an external VM).

So yes, these are the sort of people who will take five code fragments from stackexchange, hammer them together till they compile, without a single concern whether they work or not (because they can blame that on the firewall), deliver that as the product, then call that a day.

And then, yes, LLMs actually do that better. I would absolutely take Gemini or Github copilot generating code over Indian outsourcing since at least it's stealing from things that actually work. If I had my choice I would do neither, but if it's 'AI' coding vs Indian outsourcing, 'AI' coding is far superior.

This was all 100% predictable and was predicted and inevitable, like the Honey browser extension thing (obviously a scan from day one). Corporations are going to suck you dumbasses in on obviously unsustainable promises of free [poop] and then turn the screws once you've had your free hit of the merchandise, and then you dumbasses are going to scream 'oh my god who could ever have seen this 100% predictable thing coming?!' Again, like the Honey thing.

So either need legislation to protect these f@#$ing dumbasses, because their education was deliberately terrible enough they couldn't even see this coming, or just let them burn. I have looked deep into my soul and... yeah, I don't really care.

Well if you like 'em then by all means leave 'em in, they're not cancer like Recall. For me personally they're all just annoying things that MS keeps cramming in to do network traffic (news, weather, etc) that I can do better another way, and the engine does burn some CPU/RAM, so I rip it out. But it's like OneDrive - if you actually want it, go for it.

I've considered turning this into a powershell script, but have not yet since MS keeps enshittifying and I'm lazy, but here you go, the most critical bits. It's not pretty, but things run WAY better after doing this. Obviously you need an administrator command line shell for the first bits.

- Remove OneDrive and Teams, other useless poop. If you need teams or onedrive, just delete that item:
        winget uninstall microsoft.onedrive uninstall microsoft.teams.free "widgets platform runtime" "windows web experience pack"
- Get rid of Recall and extra search/advertising crap:
        Dism /online /Disable-Feature /FeatureName:"Recall"
        Dism /online /Disable-Feature /FeatureName:"SearchEngine-Client-Package"
- OneDrive backstop (for the next time MS reinstalls it): gpedit.msc Computer Configuration - Administrative Templates - Windows Components - OneDrive - Prevent the usage of OneDrive for file storage - Enable
- Copilot: gpedit.msc User configuration > Administrative templates > Windows components > Windows Copilot - Disable Copilot - Enable (yes, Enable to disable)
- Widgets backstop (for the next time MS reinstalls it): gpedit.msc Computer Configuration -> Administrative Templates -> Windows Components -> Widgets -> Allow Widgets -> Disabled
- Services:
        - Windows Search: Disabled
        - Connected Devices Platform Services: Disabled
        - Connected User Experiences: Disabled

Win11 was fine when it came out, just WIn10 with some new lipstick. Ugly lipstick, but it worked.

Since then they have been relentlessly enshittifying it with their AI crap and randomly breaking major other things because all they care about is LLM. I am up to half a page of instructions (in Notepad++, so lines are compact!) to deshittify new WIn11 installs or major updates.

Of course you can gpedit some of these, but then MS does an end-run around you and turns the shit back on because they need to justify dumping tens of billions of dollars into 'AI' that nobody wants.

Honey was a very obvious scam - I said years ago their business model must be exactly what they're now being accused of doing (like it's a surprise) - especially after they got bought by the scammers at Paypal. Even if it actually started legit, there was no way it was going to survive being legit at Paypal.

And most of these extensions are, like Honey, very obvious scams. If you're someone dumb enough to install something like 'TinaMeet', 'Vidnoz Flex', 'ChaptGPT for Google Meet', 'VPNCity' (sure, explicitly route all your web browsing through the CCP, save them the trouble), or 'Keyboard History Recorder' (are you f@$#ing kidding me?!) then your extensions being further compromised by the CyberHaven attackers is probably the least of your problems. Some people just can't be helped.

It's enough for me to naively wish that everyone gets assigned a scam/tech literacy level and your computer and phone come locked down to that, and then someone with a higher rating can do things for your computer. Of course I realize exactly why that can never work, especially social engineering, regulatory capture, etc. But most people are absolutely not knowledgeable enough to have admin on their own computer/browser - it's monkeys with dynamite. And an extremely target rich environment for scammers at all levels of legitimacy (like Honey).

Yes! This was my immediate thought. Does this explain why orange cats are so dumb but so friendly? No, it does not. That will have to wait.

No One Could Have Possibly Seen This Coming (TM)

Currently, if you need C level performance the only real option for safe code is Rust. There are other wannabes like Zig, Fil-C, and TrapC, but they all have significant caveats - if you actually want production code, use Rust. C++ industrial complex claims you can use the latest version with STL, but no, it's just more turd polishing.

If you don't need C level performance, there are lots of options like python or c#. In this case the only vulnerabilities are in their VMs and they've had millions of people whaling on them for years. There are certainly other options - I can't keep up with everything. Heck, at this point, Java is probably pretty secure, but is complete hell to actually write code in, so I'm not gonna.

I know you can't trivially rewrite your hundreds of thousands of c/c++ lines of code in safer languages, so this sort of thing is a decent mitigation strategy.

But also the very definition of polishing a turd. You are using fundamentally insecure languages (because that was not even a concern at the time, fair enough, I have also written tens of thousands of lines of c and c++ code). It is impossible to ever actually make secure. Normally this does not matter, but it does when you are a big fat target like Google is.

Then again, Google's primary directive is to deliver shitty search results so people will have to click through more ads, so why do you even care? I guess it would be bad for you if Russian hackers stole your ad impressions to deliver stuff that's just as worthless as you would have delivered because that's what Prabhakar Raghavan decreed Google Search needs to deliver.

Remember when we used to joke about Google being as shitty as Altavista? Well, it's here.

The big problem with this (other than the stupidity of it being driven by worse than useless managers and executives trying to pretend they are doing something useful) is that the labor market is very tight. We have very low unemployment. And it's especially tight in the tech industry because actual skill is required for the important jobs - as someone who has recently been interviewing a lot of people for one job, you can't just fire half your staff because they won't come back to the office then find competent people to fill those jobs. Yes, you will get thousands of resumes for each job, but 2/3 of those will be recruiters doing pray and spray, and good luck finding anyone who actually knows what they put on their CV.

I am currently working several jobs (yes, they all know about each other) where they would love to have a full time employee, and I am actually trying to help two of them find a full time employee to replace me, and it's hard. And I am legitimately trying to make this happen, I would like to lose at least one of these jobs and have more free time!

So anyhow, it's going to take a truly consequence blind executive to actually pull the trigger on firing everyone who refuses to come into the office five (or more) days a week who has any job skills, because you can't just instantly replace them with J. Random Schmuck. But there are lots of those execs, so I'm sure it will happen.

Perhaps it was fake at his crappy-ass fraudulent consulting company, but it was a real problem. I fixed at least 6 different products that would have blown up, but did not because I fixed them. This included products that kept shipping of critical (and non-critical) goods going. You would have had a lot of dead in the water (or at least not coordinated) big rigs as their shipping fleet location, communication, and tracking systems broke.

And that was the thing about Y2K - we figured out there was a problem, we all agreed there was a problem, and we put in the money and effort (a lot of 1999) to fix the problem before it exploded. And we mostly succeeded. Which, I know, is completely incomprehensible now - you'd have a legion of Y2K deniers declaring it could never happen, it'd get completely politicized with certain political parties passing laws forbidding anyone from 'wasting taxpayer money' working on fixing the 'fake Y2K problem' before it turned into a complete clusterf@#$. And of course there's no longer any money or will to fix anything before it completely craters and costs 100x to fix it.

I was there. It was real. We fixed it before it happened. It was a different time.